Seminar On 3D Password

submitted by: sangrambadi sahoo regd no-12031030 samarendra sahoo regd no-12031014

INTRODUCTION
Normally the authentication scheme the user undergoes is particularly very lenient or very strict. Throughout the years authentication has been a very interesting approach. With all the means of technology developing, it can be very easy for 'others' to fabricate or to steal identity or to hack someones password. So from here the concept of 3

EXISTING SYSTEM
Current authentication systems suffer from many weaknesses. Textual passwords are commonly used. Users tend to choose meaningful words from dictionaries, which make textual passwords easy to break and vulnerable to dictionary or brute force attacks. Many available graphical passwords have a password space that is less than or equal to the textual password space. Smart cards or tokens can be stolen. Many biometric authentications have been proposed. However, users tend to resist using biometrics because of their intrusiveness and the effect on their privacy. Moreover, biometrics cannot be revoked. The 3Dpassword is a multi factor authentication scheme. The design of the 3D virtual environment and the type of objects selected determine the 3D password key space. User have freedom to select whether the 3D password will be solely recall, recognition, or token based, or combination of two schemes or more.

PROPOSED SYSTEM
The proposed system is a multi factor authentication scheme that combines the benefits of various authentication schemes. Users have the freedom to select whether the 3D password will be solely recall, biometrics, recognition, or token based, or a combination of two schemes or more. This freedom of selection is necessary because users are different and they have different requirements. Therefore, to ensure high user acceptability, the users freedom of selection is important.

BRIEF DESCRIPTION OF SYSTEM

The 3D password is a multi factor authentication scheme. The 3D password presents a 3D virtual environment containing various virtual objects. The user navigates through this environment and interacts with the objects. The 3D password is simply the combination and the sequence of user interactions that occur in the 3D virtual environment. The 3D password can combine recognition, recall, token, and biometrics based systems into one authentication scheme. This can be done by designing a 3D virtual environment that contains objects that request information to be recalled, information to be recognized, tokens to be presented, and biometric data to be verified.

3D PASSWORD SCHEME
The 3D Password scheme is a new authentication scheme that combine RECOGNITION + RECALL +TOKENS +BIOMETRIC In one authentication system

3D PASSWORD SCHEME
The 3D password presents a virtual environment containing various virtual objects. The user walks through the environment and interacts with the objects The 3d Password is simply the combination and sequence of user interactions that occur in the 3D environment

3D Password selection
Virtual objects can be any object we encounter in real life:
A computer on which the user can type A fingerprint reader that requires users fingerprint A paper or white board on which user can type A Automated teller(ATM) machine that requires a token A light that can be switched on/off A television or radio A car that can be driven A graphical password scheme

For EXAMPLE:
Let us assume the user enters a virtual office then performs the following action:
(10,24,91) Action=Open office door (10,24,91) Action=Close office door (4,34,18) Action=Tpeine,C (4,34,18) Action=Typing,O (4,34,18)Action=Typing,N (10,24,80)Action=Pick up the pen (1,18,80)Action=Draw point=(330,130)

3D Password Authentication

3D PASSWORD SELECTION AND INPUT

Let us consider a 3D virtual environment space of size G G G. The 3D environment space is represented by the coordinates (x, y, z) [1, . . . , G] [1, . . . , G] [1, . . . , G]. The objects are distributed in the 3D virtual environment with unique (x, y, z) coordinates. We assume that the user can navigate into the 3D virtual environment and interact with the objects using any input device such as a mouse, key board, fingerprint scanner, iris scanner, stylus, card reader, and microphone. We consider the sequence of those actions and interactions using the previous input devices as the users 3D password.

3D VIRTUAL ENVIRONMENT DESIGN GUIDELINES

Real Life Similarity The prospective 3D virtual environment should reflect what people are used to seeing in real life. Objects used in virtual environments should be relatively similar in size to real objects (sized to scale). Possible actions and interactions toward virtual objects should reflect real life situations. Object responses should be realistic. The target should have a 3D virtual environment that users can interact Object uniqueness and distinction every virtual object or item in the 3D virtual environment is different from any other virtual object. The uniqueness comes from the fact that every virtual object has its own attributes such as position. Thus, the prospective interaction with object 1 is not equal to the interaction with object 2

3D PASSWORD APPLICATION
Critical server many large organizations have critical servers that are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password. Nuclear and military facilities such facilities should be protected by the most Powerful authentication systems. The 3D password has a very large probable password space, and since it can contain token, biometrics, recognition and knowledge based Authentications in a single authentication system, it is a sound choice for high level security locations.

STATE DIAGRAM OF A 3D PASSWORD APPLICATION

Advantages
Flexibility:3D Passwords allows Multifactor authentication biometric , textual passwords can be embedded in 3D password technology. Strength: This scenario provides almost unlimited passwords possibility. Ease to Memorize: can be remembered in the form of short story. Respect of Privacy: Organizers can select authentication schemes that respect users privacy.

Disadvantages
Brute Force Attack: The attack is very difficult
because
1. Time required to login may vary form 20s to 2 min therefore it is very time consuming. Cost of Attack: A 3D Virtual environment may contain biometric object ,the attacker has to forge all biometric information.

2.

Well Studied Attack: Attacker tries to get the most

probable distribution of 3D Password. This is difficult because attacker has to perform customized attack fo different virtual environment .

Disadvantages
Shoulder Surfing Attacks: Attacker uses camera to record the users 3D passwords.This attack is more succesful. Timing Attack: The Attacker observes how long it takes the legitimate user to perform correct log in using 3D Password.which gives an indication of 3-D Passwords length.This attack cannot be succesful since it gives the attacker mere hints.

CONCLUSION
The 3D password is a multi factor authentication scheme that combines the various authentication schemes into a single 3D virtual environment. The virtual environment can contain any existing authentication scheme or even any upcoming authentication scheme or even any upcoming authentication schemes by adding it as a response to actions performed on an object. Therefore the resulting password space becomes very large compared to any existing authentication schemes. The design of the 3D virtual environment the selection of objects inside the environment and the object's type reflect the resulted password space. It is the task of the system administrator to design the environment and to select the appropriate object that reflects the protected system requirements.

REFERENCES
[1] X. Suo, Y. Zhu, and G. S. Owen, Graphical passwords: A survey, in Proc. 21st Annu. Comput. Security Appl. Conf., Dec. 59, 2005, pp. 463472. [2] D. V. Klein, Foiling the cracker: A survey of, and improvement to passwords security, in Proc. USENIX Security Workshop, 1990, pp. 514. [3] NBC news, ATM Fraud: Banking on Your Money, Dateline Hidden Cameras Show Criminals Owning ATMs, Dec. 11, 2003.

Thanks!!!!